Rod, I hope that the CP Gurus can shed light on this.
If you configure the PIX to build an IPsec tunnel to a CP at xxx.xxx.xxx.0 and the CP at xxx.xxx.xxx.1 responds, the PIX won't want to build a tunnel. Should it? I don't think so.

I have seen this before but it was resolved by not using the CP VPN failover feature. Those folks didn't really give it a good college try. They had to make it work (quickly within a change control window). Maybe you will have better luck?

Liberty for All,
Brian

At 05:16 PM 10/24/2001 -0700, Rod Cappon <[EMAIL PROTECTED]> wrote:
>Message: 2
>From: Rod Cappon <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: VPN tunnel between PIX and Checkpoint in a failover config
>Date: Wed, 24 Oct 2001 13:39:47 -0600
>
>I am trying to set up a LAN to LAN VPN tunnel between a PIX Firewall and two
>Checkpoint Firewalls set up in a Failover Configuration. The CPF has a
>virtual IP set up on the cluster and 2 real IP addresses on the firewalls. So
>the outside looks something like this: xxx.xxx.xxx.0 = Virtual Firewall,
>xxx.xxx.xxx.1 = CPF #1, xxx.xxx.xxx.2 = CPF #2. I own the PIX and another
>company owns the CPF. When I set up the PIX with the xxx.xxx.xxx.0, the reply
>comes from xxx.xxx.xxx.1. Has anyone seen this before, and how did you solve
>it? This is a call, I think, to all you CPF gurus.
>
>
>Rod Cappon

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
